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Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application. 

Please amend the claims as follows: 

1. (Currently Amended) A method for the containment of network communication , 
comprising the stops of : 

dotormining whothor ono or moro usage conditions aro mot; 

intercepting a connection mossago request to establish a communication conduit 
between a client and a server: and 

determining whether one or more usage conditions are met, wherein if at least one of 
the conditions is not met, then the connection request is not sent to the server, and wherein 
the conditions that would permit the connection request to be sent include a persistent 
usage condition in which a client to server conduit was previously authorized and a 
designated time interval for the persistent usage condition has not lapsedy 

conditiona ll y sending, based on the ono or moro usage conditions, the connection 
mossago from a cliont to a s e rver over a commun i cat i on condu i t . 

2. (Currently Amended) The method of Claim 1, further comprising the step of 
forwarding the connection mossago request to the server over the communication conduit 
when the one or more usage conditions are met. 

3. (Original) The method of Claim 2, wherein the determining step comprises 
identifying a first network address of the server, a second network address of the client and a 
port number of the communication conduit. 
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4. (Previously Presented) The method of Claim 3, further comprising the step of 
sending a plurality of DHCP reply messages for binding a first address of a first host to a second 
address of a second host, the plurality of DHCP reply messages sent to a third host, the server 
residing on the first host, and the client residing on the third host. 

5. (Currently Amended) The method of Claim 2, wherein the determining step 
comprises (a) obtaining a confirmation from a human, and (b) determining whether the 
communication conduit was used by the client prior to the client's sending the connection 
mossano request , or (c) dotormininc whether the c l ient sent the connection mossaco within an 
authorized time window . 

6. (Original) The method of Claim 2, wherein the determining step comprises 
obtaining a confirmation from a human, wherein the human (a) is associated with the client or 
(b) has administrative privilege. 

7. (Currently Amended) The method of Claim 2, wherein the determining step 
comprises (a) determining whether the client used the communication conduit at any time 
prior to the client's sending the connection message request, (b) determining whether the 
client used the communication conduit within a specific time-window prior to the client's 
sending the connection mossago request, or (c) determining whether the client used the 
communication conduit within a pre-determined context prior to the client's sending the 
connection mossano request, wherein the pre-determined context comprises a TCP connection 
or a session. 
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8. (Original) The method of Claim 2, wherein the determining step comprises 
determining whether a configuration of the client comprises one or more pre-determined data. 

9. (Currently Amended) The method of Claim 2, wherein the determining step 
comprises determining whether a repository comprises one or more authorization data 
pertinent to the connection mossaco request . 

10. (Original) The method of Claim 2, wherein the determining step comprises 
authorizing temporary usage of the communication conduit, wherein the temporary usage 
expires unless administrative approval is obtained (a) within a pre-determined time-window, 
(b) before the client sends a pre-determined number of messages, or (c) before the client uses 
a pre-determined number of distinct contexts, wherein a context comprises a TCP connection 
or a session. 

11. (Currently Amended) The method of Claim 2, wherein the determining step 
comprises determining whether the connection mosGQgo request is sent within a pre- 
determined time-window. 

12. (Original) The method of Claim 11, wherein the pre-determined time-window 
comprises one or more weekday peak usage hours. 



13. (Currently Amended) The method of Claim 1, further comprising the step of 
discarding the connection message request when the one or more usage conditions are not 
met. 
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14. (Original) The method of Claim 13, wherein the determining step comprises 
identifying a first network address of the client, a second network address of the server and a 
port number of the communication conduit. 

15. (Original) The method of Claim 1, further comprising the step of logging a result 
of the determining step. 

16. (Original) The method of Claim 1, further comprising the step of notifying a 
system-administrator of a result of the determining step. 



ATTORNEY DOCKET NO. PATENT APPLICATION 

SCOR-00600 10/806,578 
Confirmation No. 2215 

6 

17. (Currently Amended) A method for the containmont of network communication , 
comprising the stops of : 

determining whether ono or more sorvico conditions arc mot; 

intercepting a service-initiation request to establish a communication conduit between 
a client and a server: and 

determining whether one or more usage conditions are met, wherein if at least one of 
the conditions is not met, then the request is not sent to the server, and wherein the 
conditions that would permit the request to be sent include a persistent usage condition In 
which a client to server conduit was previouslv authorized and a designated time interval for 
the persistent usage condition has not lapsedy 

18. (Previously Presented) The method of Claim 17, further comprising the step of 
forwarding the service-initiation request to the server over the network when the one or more 
service-conditions are met. 

19. (Original) The method of Claim 18, wherein the determining step comprises 
identifying a first network address of the server and a second network address of the client. 

20. (Original) The method of Claim 19, further comprising the step of sending a 
plurality of DHCP reply messages for binding a first address of a first host to a second address of 

a second host, the plurality of DHCP reply messages sent to a third host, the server residing on 
the first host, and the client residing on the third host. 

21. (Previously Presented) The method of Claim 18, wherein the determining step 
comprises (a) obtaining a confirmation from a human or (b) determining whether the client 
sent the service-initiation request within an authorized time window. 
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22. (Previously Presented) The nnethod of Claim 18, wherein the determining step 
comprises identifying a request-type indicated by the service-initiation request. 

23. (Previously Presented) The method of Claim 18, wherein the determining step 
comprises determining whether a second service-initiation request of a same request-type as 
the service-initiation request (a) was forwarded to the server at any time prior to the client's 
sending the service-initiation request (b) was forwarded to the server within a pre-determined 
time-window prior to the client's sending the service-initiation request, or (c) was forwarded to 
the server within a specific context, wherein a context comprises a TCP connection or a session. 

24. (Previously Presented) The method of Claim 18, wherein the determining step 
comprises determining whether a second service-initiation request of the one or more pre- 
determined request-types (a) was forwarded to the server at any time prior to the client's 
sending the service-initiation request, (b) was forwarded to the server within a pre-determined 
time-window prior to the client's sending the service-initiation request, or (c) was forwarded to 
the server within a specific context, wherein a context comprises a TCP connection or a session. 

25. (Previously Presented) The method of Claim 17, further comprising the step of 
discarding the service-initiation request when the one or more usage conditions are not met. 



26. (Previously Presented) The method of Claim 25, wherein the determining step 
comprises identifying a first network address of the client and a second network address of the 
server. 
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27. (Original) The method of Claim 17, further comprising the step of logging a 
result of the determining step. 

28. (Original) The method of Claim 17, further comprising the step of notifying a 
system-administrator of a result of the determining step. 
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29. (Currently Amended) A system for the containment of network communication, 
comprising: 

a communication proxy for intercepting a connection mossacG request from a client to a 
server over a communication conduit; 

wherein the communication proxy is programmed to determine whether one or more 
usage conditions are met, and wherein if at least one of the conditions is not met, then the 
connection request is not sent to the server, and wherein the conditions that would permit 
the connection request to be sent include a persistent usage condition in which a client to 
server conduit was previously authorized and a designated time interval for the persistent 
usage condition has not lapsed the communication proxy (a) forwards the connection mossano 
to the sorvor over the communication conduit when the one or more usage conditions are mot, 
or (b) discards tho connection mossago when tho ono or more usage cond i t i ons arc not mot . 

30. (Currently Amended) The method of Claim 29, wherein the communication 
proxy (a) obtains a confirmation from a human, and (b) determines whether the 
communication conduit was used by the client prior to the c l ient's client sending the 
connection mossago request , or (c) dotorminos whothor tho c li ent sent tho connoction mossaco 
within an authorized time window . 

31. (Original) The system of Claim 29, wherein the communication proxy identifies a 
first network address of the server, a second network address of the client and a port number 
of the communication conduit. 

32. (Previously Presented) The method of Claim 31, further comprising the step of 
sending a plurality of DHCP reply messages for binding a first address of a first host to a second 
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address of a second host, the plurality of DHCP reply messages sent to a third host, the server 
residing on the first host, and the client residing on the third host. 

33. (Previously Presented) The system of Claim 31, wherein the communication 
proxy resides in a network element, the network element in a communication path between 
the client and the server. 

34. (Original) The system of Claim 31, wherein the communication proxy and the 
client reside on the same host. 

35. (Original) The system of Claim 31, wherein the communication proxy and the 
server reside on the same host. 
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36. (Currently Amended) A system for the containment of network communication, 
comprising: 

a service-proxy for intercepting a service-initiation request from a client to a server over 
a network; 

wherein the service-proxy is configured to determine whether one or more service- 
conditions are met, and wherein if at least one of the conditions is not met, then the request 
Is not sent to the server, and wherein the conditions that would permit the request to be sent 
Include a persistent usage condition in which a client to server conduit was previously 
authorized and a designated time interval for the persistent usage condition has not lapsed 
tho sorvico proxy (a) forwards the service initiation request to the server over the network 
when the one or more service conditions are mot or (b) discards the service initiation request 
when tho ono or more service conditions are not mot . 

37. (Previously Presented) The system of Claim 36, wherein the service-proxy (a) 
obtains a confirmation of the one or more service-conditions being met from a human or (b) is 
programmed to determine whether the client set the service-initiation request within an 
authorized time-window. 

38. (Original) The system of Claim 36, wherein the service-proxy identifies a first 
network address of the server and a second network address of the client. 

39. (Previously Presented) The method of Claim 38, further comprising the step of 
sending a plurality of DHCP reply messages for binding a first address of a first host to a second 
address of a second host, the plurality of DHCP reply messages sent to a third host, the server 
residing on the first host, and the client residing on the third host. 
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40. (Previously Presented) The system of Claim 38, wherein the service-proxy 
resides in a network element, the network element in a communication path between the 

client and the server. 

41. (Original) The system of Claim 38, wherein the service-proxy and the client 
reside on the same host. 

42. (Original) The system of Claim 38, wherein the service-proxy and the server 
reside on the same host. 

43. (Previously Presented) The method of Claim 36, wherein the service-proxy 
determines a request-type indicated by the service-initiation request. 



